pyconcrete
Protect your python script, encrypt .pyc to .pye and decrypt when import it
Protect python script work flow
- your_script.py
import pyconcrete - pyconcrete will hook import module
- when your script do
import MODULE, pyconcrete import hook will try to findMODULE.pyefirst and then decryptMODULE.pyevia_pyconcrete.pydand execute decrypted data (as .pyc content) - encrypt & decrypt secret key record in
_pyconcrete.pyd(like DLL or SO) the secret key would be hide in binary code, can't see it directly in HEX view
Encryption
- only support AES 128 bit now
- encrypt & decrypt by library OpenAES
Installation
- need to input your passphrase create secret key for encrypt python script.
- same passphrase will generate the same secret key
- installation will add
pyconcrete.pthinto yoursite-packagesfor executesitecustomize.pyunder pyconcrete which will automatic import pyconcrete
pip
You must set up environment variable PYCONCRETE_PASSPHRASE for installation continuously.
$ PYCONCRETE_PASSPHRASE=<your passphrase here> pip install pyconcrete
or, if you use an old pip version that supports --egg:
$ pip install pyconcrete --egg --install-option="--passphrase=<your passphrase>"
pyconcrete installed as egg, if you want to uninstall pyconcrete will need to manually delete
pyconcrete.pth.
source
- get the pyconcrete source code
$ git clone <pyconcrete repo> <pyconcre dir>
- install pyconcrete
$ python setup.py install
Usage
Full encrypted
- convert all of your
.pyto*.pye
$ pyconcrete-admin.py compile --source=<your py script> --pye
$ pyconcrete-admin.py compile --source=<your py module dir> --pye
- remove
*.py*.pycor copy*.pyeto other folder - main.py encrypted as main.pye, it can't be executed by normal
python. You must usepyconcreteto process the main.pye script.pyconcrete(exe) will be installed in your system path (ex: /usr/local/bin)
pyconcrete main.pye
src/*.pye # your libs
Partial encrypted (pyconcrete as lib)
- download pyconcrete source and install by setup.py
$ python setup.py install \
--install-lib=<your project path> \
--install-scripts=<where you want to execute pyconcrete-admin.py and pyconcrete(exe)>
- import pyconcrete in your main script
- recommendation project layout
main.py # import pyconcrete and your lib
pyconcrete/* # put pyconcrete lib in project root, keep it as original files
src/*.pye # your libs
Test
- test in local
$ ./pyconcrete-admin.py test
- test in docker environment
$ ./bin/run-test.sh
- add test case for pyconcrete.exe
- reference exists test case
- add folder in
test/exe_testcases/ - add testing code at
test/exe_testcases/src/main.py - add validator at
test/exe_testcases/validator.py
Example
Building on Linux
Python 3.7 - fix Ubuntu 14.04 build error
x86_64-linux-gnu-gcc: error: unrecognized command line option `-fstack-protector-strong`
Reference by Stackoverflow solution
* you should install gcc-4.9 first
* symlink /usr/bin/x86_64-linux-gnu-gcc to gcc-4.9
* build pycocnrete again
* rollback symlink
Building on Windows
Python 2.7 - Visual Studio 2008
https://www.microsoft.com/en-us/download/details.aspx?id=44266
- Open VS2008 Command Prompt
set DISTUTILS_USE_SDK=1set SET MSSdk=1- create
distutils.cfgand put insidetext [build] compiler=msvc
Python 3.5, 3.6, 3.7 - Visual Studio 2015
-
make sure setuptools >= 24.0
sh python -c 'import setuptools; print(setuptools.__version__)' -
Open VS2015 Build Tools Command Prompt
set DISTUTILS_USE_SDK=1setenv /x64 /releaseorsetenv /x86 /release
Reference
https://matthew-brett.github.io/pydagogue/python_msvc.html https://github.com/cython/cython/wiki/CythonExtensionsOnWindows
Announcement
pyconcrete is an experimental project, there is always a way to decrypt .pye files, but pyconcrete just make it harder.
